On Sun, 2019-11-17 at 08:48 +0800, Ed Greshko wrote:
On 11/17/19 8:35 AM, Ed Greshko wrote:
On 11/17/19 2:48 AM, Patrick O'Callaghan wrote:
But from the guest: [poc@fedora30 ~]$ showmount -e bree clnt_create: RPC: Unable to receive
What am I missing?
OK, I put up an nfs server on the host and get the same error.
If I disable the firewall on the host, it succeeds.
Strangely, looking at wireshark output it seems port 111 is unreachable. Even if I explicitly enable that port the problem persists.
OK, I fixed it....
I put the interface virbr0 in the FW zone libvirt.
On the host...
[root@meimei ~]# firewall-cmd --list-all --zone=libvirt libvirt (active) target: ACCEPT icmp-block-inversion: no interfaces: virbr0 sources: services: dhcp dhcpv6 dns mountd nfs nfs3 rpc-bind ssh tftp ports: protocols: icmp ipv6-icmp masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: rule priority="32767" reject
That did it. In fact virbr0 was already in the libvirt zone, but the various NFS services were not installed there.
This stuff is definitely not obvious. Note that you have to repeat the service additions with the --permanent flag or it will all be lost on the next reboot.
Thanks Ed.
poc